[WIP] Firebase Auth Component

[abhinavkrin]

This PR adds the firebase auth component to RC4Community.
Used next-firebase-auth

Set up

1. set up environment variables for firebase config in .env.local

# Environment variables for firebase-admin
FIREBASE_PROJECT_ID=required
FIREBASE_PRIVATE_KEY=required
FIREBASE_CLIENT_EMAIL=required
FIREBASE_DATABASE_URL=if needed, see initAuth in /app/components/auth/firebase/lib/functions.js

# Environment variables for firebase client config.
NEXT_PUBLIC_FIREBASE_PROJECT_ID=required
NEXT_PUBLIC_FIREBASE_API_KEY=required
NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN=required
NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET=
NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID=
NEXT_PUBLIC_FIREBASE_APP_ID=required
NEXT_PUBLIC_FIREBASE_MEASUREMENT_ID=

# for cookies signing
COOKIE_SECRET_CURRENT=
COOKIE_SECRET_PREVIOUS=

2. Export the page component with withAuthUserSSR(Page) and use useAuthUser() to get user info.
3. For SSR,

export const getServerSideProps = withAuthUserSSR(options)(({AuthUser}) => {  })

For more details, see https://github.com/gladly-team/next-firebase-auth
4. The AuthUI component handles UI for login and signup.
5. To use in development env. Set, secure: false in cookies config in initAuth function in file /app/components/auth/firebase/lib/functions.js

cookies: {
      ...
      ....
      sameSite: 'strict',
      secure: false, // set this to false in local (non-HTTPS) development
      signed: true,
    },

[CLAassistant]

All committers have signed the CLA.

[lgtm-com]

This pull request introduces 9 alerts when merging 9181aff into 43d489e - view on LGTM.com

new alerts:

• 9 for Unused variable, import, function or class

[lgtm-com]

This pull request introduces 7 alerts when merging 1d902eb into 43d489e - view on LGTM.com

new alerts:

• 7 for Unused variable, import, function or class

[RonLek]

Check if error includes a message field. Directly setError with error.message instead of using switch-case.

[abhinavkrin]

Firebase functions throw errors with a certain code. I check the error.message property. Its same as the code. In order to use custom error messages. I used switch cases.

[RonLek]

Use field similar to e.message instead of switch.

[RonLek]

No switch-case needed.

[RonLek]

@abhinavkrin please highly improve code-quality, follow DRY and end new files with new-lines.

[Sing-Li]

@abhinavkrin pls resolve the trivial conflicts when you get a chance.

[RonLek]

Instead of having the user to extract these fields from the service-account file can we instead give the path to the sa file itself? Ref: https://stackoverflow.com/a/66984271/8316412

[abhinavkrin]

Yes, we can. But while deploying users may refrain from uploading their service-key.json file. We can set the contents of the file in an environment variable. For now, I have edited the readme.md for firebase auth and mentioned where to find the values. Waiting for your comment on this.

[RonLek]

Users wouldn't be required to upload their sa file to Git. Instead of scouring through the file for the variables (3 vars), it would be far easier to directly give path to the sa file (1 var), while having the user keep their file even outside the RC4Community project (the absolute path would be specified in this case).

Moreover, there is a case of having multiple sa files with different privileges. Instead of replacing the 3 env variables every time, it'll be easier for the user to just change the path to the file.

[RonLek]

@abhinavkrin . Please:

1. Create a .env.local.sample file with dummy values to let users know which environment variables do they need.
2. End files with a new line. Read this.
3. Remove the cms/package-lock.json file from the PR.
4. Resolve merge conflicts.
5. Squash your commits into one.

[Sing-Li]

@abhinavkrin . Please:

1. Create a .env.local.sample file with dummy values to let users know which environment variables do they need.
2. End files with a new line. Read this.
3. Remove the cms/package-lock.json file from the PR.
4. Resolve merge conflicts.
5. Squash your commits into one.

@RonLek is there a difference between him squashing before commit versus us squashing when we merge? If not, perhaps we should just squash every time.

[Sing-Li]

@abhinavkrin right now, if a user just build according to instructions and does not configure firebase (set environment variables etc), then the startup will crash with a cryptic message.

Can we please do a check on the required ENV VAR, and if they don't exist --- render the component into a "do nothing" sample component ?

Having it build successfully and not crash, even though auth doesn't work without ENV VARs/configs, will be a significantly better developer experience.

You can also log a loud errror message to the console - providing a URL to the doc on how to configure firebase.

In fact, the component itself can render : "You must configure Firebase to use this component. See https://github.com/rocketchat/.... for more information"

[lgtm-com]

This pull request introduces 2 alerts when merging 5f46a00 into 8c2999d - view on LGTM.com

new alerts:

• 2 for Assignment to constant

[abhinavkrin]

@abhinavkrin right now, if a user just build according to instructions and does not configure firebase (set environment variables etc), then the startup will crash with a cryptic message.

Can we please do a check on the required ENV VAR, and if they don't exist --- render the component into a "do nothing" sample component ?

Having it build successfully and not crash, even though auth doesn't work without ENV VARs/configs, will be a significantly better developer experience.

You can also log a loud errror message to the console - providing a URL to the doc on how to configure firebase.

In fact, the component itself can render: "You must configure Firebase to use this component. See https://github.com/rocketchat/.... for more information"

@Sing-Li Wrote some wrapper components: withFirebaseAuthUser, withFirebaseAuthUserSSR, withFirebaseAuthUserTokenSSR and useFirebaseAuthUser . These will check if the firebase app has initialized without any errors or not. Hence preventing build fails. Though using components directly from next-firebase-auth is recommended.